computer security help


Rusty K

Hi,

I'm having to take time from audio to fix a computer security problem.

I've been hacked or cookied. Upon opening Internet Explorer my homepage is automatically changed and a ton of webpages pop up. I have a good antivirus program and I've downloaded some freebie security programs to clear cookies, erase bogus entries in my homepage dropdown menu, delete temp internet files etc. but they don't seem to be able to clean my computer any better than the stuff that I already have with XP. Nothing works! I can't find the cookie or whatever is causing this.

I contacted my antivirus people and they mentioned editing the registry and I checked it out but I don't know what I'm looking for so I didn't touch anything.

Could someone direct me to a resource to help me troubleshoot this?

I apologize for the non audio question but it happens to be a pressing issue at the moment.

I'm thinking after this I'm going to disable cookies altogether and just enter passwords etc. manually to my favorite sites.


Thanks
Rusty K
 
that sucks :(

im sorry i cant really give u advice on how to get rid of it - but a must have is a firewall (eg norton personal firewall), be sure to get one to prevent things like this from happening again - if u dont already have one.. if u do, watch ur steps better.. the internet has become a dangerous place.. :(

other than that, u said it changed the start page. well i can just suggest u to change it back, but im pretty sure u already tried that.. if the "bad" page is set again after reboot, u probably have one of those worms taken over control of ur pc.. try http://symantec.net and the latest patches for those..

thats about all i can think of, good luck!
 
The problem is not that you have anything permanently installed, but your home page is now just pointing to a page that has a lot of pop-ups linked to it.

Thank Microsoft and Bill for allowing the security holes and for allowing the ability of someone to change your default page.

Just change your homepage and never go back to that one again.

I keep mine pointing to a page on my own PC, a page of links that I hit each day anyway.... this is much more convenient than linking to a page on the Web anyway....
 
hey....thanks

My anti virus is updated automatically daily. I check for viruses often. I uninstalled Zone Alarm (firewall) because it seemed to be messing with my multitrack software.

I've deleted everything in cookies, temp internet, history. I'm unable to delete unwanted entries in my homepage dropdown menu. I've added the offending websites to my security list to block but still about every sixth time I open Explorer there it all is again.

Rusty K
 
FYI,

I was directed to a freeware program Ad-Aware. It scans the registry as well as files and folders. I've already put it to work and I hope it does all it claims.....looking good so far.

I snagged the program from the PCMag download site. I'll try to return with a link for anyone interested.

Damn puters...what a love hate thing!

Thanks again,

Rusty K
 
Update!


I had to boot from my Windows CD-ROM. I'm not sure why yet... still in doubt. It could be the new program added or maybe my editing of the registry. Luckily I backed up my changes. The puter said it was a problem with a file, acpi.sys (Page_Fault_In_Nonpaged_area). Whatever that means!

The correct website for the freeware Ad-Aware is PCWorld downloads page.

http://www.pcworld.com/

This link is the main homepage then just click on downloads. There's lots of neat stuff here for those who have never visited the site.

Rusty K

PS

If I might make a suggestion for another forum here. I'm sure it's been discussed before but it seems to me that a forum specifically for "Computer Problems" would be nice. It's not audio but the main thing that keeps me from my recording is computer problems. Don't get me wrong I've received tons of tech. assistance here in the past (I am eternally grateful) but wouldn't it make it easier for those gifted in the tech area to have a place to congregate to offer assistance.

Thanks to all
 
When you use Ad-Aware, be sure to click "check for updates" every time you run it. Every time I have run it, there has been an update available. It's a constant cat-and-mouse game between the people who make the spyware and the people who make the spyware removal tools. But Ad-Aware has gotten rid of every browser hijack and other exploit I have ever seen. It takes a while to clean your system, but it works.
 
hey charger,

I'm still in the dark about registry entries and editing them. It makes me nervous so I backed them all up. I did have a problem this morning booting so I had to use the Windows Setup CD. I was kind of afraid that I had removed something I shouldn't but my programs have been running smoothly today and I've been busy on the internet with everything smooth.

We'll see.....

If you have any more time I'd love any other insights about the program that you might have.

Thanks,
RustyK
 
Rusty,

First off, I would like to say that if you have anything on your computer that you ABSOLUTELY don't want to lose then I would recommend not using that computer to connect to the internet! I know that there are many security conditions (I would know, I went to school for network administration) that you don't want to face. I was taught many ways to hack computers and networks as well as ways to make and send viruses and it is just not worth the chance if it may mean losing all of your hard work! As far as your situation:

1. Definitely DON'T mess with the registry. If you don't absolutely know what you're doing in there then you don't belong. The registry is basically the underworking of your GUI Interface (in most cases Windows, etc). Once you go messing with that you can make things happen that you never thought could happen!

2. Install the latest version of Internet Explorer and make sure your security settings in internet options are set to at least medium.

3. Again.. I recommend, if using a computer for studio purposes, it is silly to connect to the internet with it!

If you need more help let me know!
 
yes omen....I agree about using your studio pc for the internet. Unfortunately it's not yet practical for me to do that and since my pc is not the source of my income (yet...ha!) I have to take that chance. I do back up my work, eventually.

For guys/girls in my situation I can, so far, give high marks to Ad-Aware software. It gives you a good idea of just what it is you are removing from your computer. Yesterday it found two window.exe files that were potential pc hijackers. I've had no changes to my IE homepage or unwanted entries on my fav's list or shortcuts on my desktop and as far as I can tell my pc is running smoothly now.

Thanks,

Rusty K
 
OK lemme see if I can help you with your Registry problem. (I got 12yrs exp as a network engineer -- A+ Network+ MCSE/MCSA etc etc...)

NOTE: This is probably NOT the problem you're having - although you may have some "dialer" software loading at startup -- sounds like your main problem is changing the default homepage.

First off I'll assume they wanted you to look for anything in your startup menu in the registry (like dialers):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

(Also look at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices)

Now instead of guessing at what you have there (right side of screen). Just write it down and post it here... I'll explain each entry to you in detail. Together we can assess what needs to go and why.

As far as your problem changing the default home page in IE:
(First be sure IE is shut down)
That is easily solved by using the interface from the Control Panel (Start / Settings / Control Panel). Double click the "Internet Options" icon. It looks exactly like the interface from IE, but it will override the message you're getting.... ummm... I'm assuming you're getting the message about your lack of "Administrative Access"?? -- it's a very common problem with IE which is fixed in Windows 2000 by installing Service Pack 3 -- If you're running a different version of Windows, lemme know. I'll advise as to which updates you should be using. (Some are a waste of time/resources)

My advice about a firewall: Re-install Zone Alarm... just remove it from your start folder in Start/Programs/Startup. Put an icon on your desktop and just fire it up when you connect to the web. If you're on a permanent LAN connection (like me - Cogeco Cable) then spend $20.00 and get a physical LAN switch... you can then "shut off" your internet when you're not using it... believe me... an idle, unwatched high-speed connection is a hacker's playground. .. also install ProPort http://www.tdupage.com/
Just minimize it and let it run in the background... takes up very little resources, and will automatically close any ports that a hacker attempts to access...

- Tanlith -
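
A read-only way to collect the entries requested in the post above (the Run and RunServices values, plus the Internet Explorer home page setting), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later; the HKCU keys and the `Start Page` / `Search Page` values under the Internet Explorer `Main` key go beyond what the post names, and `Get-TargetPath` is a hypothetical helper using a heuristic.

```powershell
# Added example (not from the thread): read-only review of autostart entries
# and Internet Explorer page settings. Nothing is modified or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    # Assumption: per-user equivalents, which the post does not name.
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

function Get-TargetPath {
    # Heuristic: pull the program path out of a command line such as
    # '"C:\Program Files\App\app.exe" /min' or 'C:\WINDOWS\tool.exe -x'.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

function Get-AutostartEntry {
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }  # RunServices is often absent
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $target  = Get-TargetPath $command
            # FileFound is False for a missing file and also for a bare name
            # (e.g. rundll32.exe) that Windows resolves through the search path.
            [pscustomobject]@{
                Key       = $path
                Name      = $name
                Command   = $command
                FileFound = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
            }
        }
    }
}

function Get-IEPageSetting {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = "$hive\SOFTWARE\Microsoft\Internet Explorer\Main"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in 'Start Page', 'Search Page') {
            $value = $key.GetValue($name)
            if ($null -ne $value) { [pscustomobject]@{ Key = $path; Name = $name; Url = $value } }
        }
    }
}

Get-AutostartEntry -KeyPath $runKeys | Sort-Object Key, Name | Format-List
Get-IEPageSetting | Format-List
```

The output is a list that can be saved and compared between boots; an entry that reappears after being removed, or a `Start Page` that changes on its own, points at the program rewriting it.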
 
Rusty K said:
Update!


I had to boot from my Windows CD-ROM. I'm not sure why yet... still in doubt. It could be the new program added or maybe my editing of the registry. Luckily I backed up my changes. The puter said it was a problem with a file, acpi.sys (Page_Fault_In_Nonpaged_area). Whatever that means!

The correct website for the freeware Ad-Aware is PCWorld downloads page.

http://www.pcworld.com/

This link is the main homepage then just click on downloads. There's lots of neat stuff here for those who have never visited the site.

Rusty K

PS

If I might make a suggestion for another forum here. I'm sure it's been discussed before but it seems to me that a forum specifically for "Computer Problems" would be nice. It's not audio but the main thing that keeps me from my recording is computer problems. Don't get me wrong I've received tons of tech. assistance here in the past (I am eternally grateful) but wouldn't it make it easier for those gifted in the tech area to have a place to congregate to offer assistance.

Thanks to all

OK Your problem here is with the Advanced Configuration and Power Interface (ACPI) -- another common problem believe it or not. Although more common with Windows 98se (Second Edition) -- is that what you're running?

Basically the problem is with your network bindings (which could very well be a result of some 3rd party network software - like a dialer... :p ) -- This problem can occur if both the Transmission Control Protocol/Internet Protocol (TCP/IP) and Microsoft NetBEUI protocols are bound to an Intel network adapter that uses the E100bnt.sys driver. Some versions of this file can generate this behavior.

Quick fix: Reboot into safe mode and remove your TCP/IP and NetBEUI stacks... reboot then reinstall them (And yes - reboot yet again)

You mentioned it's a Page Fault in non paged area... Paging occurs in memory... so when you get a page fault error it usually indicates a problem with the way a file is writing and removing itself from physical memory. Ergo a corrupt file... If the quick fix doesn't work, then remove the E100bnt.sys file in safe mode and re-install the NIC drivers. (NIC - Network Interface Card)


- Tanlith -

P.S. -- I'd be happy to be Moderator of a Forum here if Dragon's ok with the idea... We could call it "Desktop Triage" hehe ;) :)
 
tanlith,

Hey you're scaring me man with all this tech stuff but I'll give it a shot.

My system will not boot normally at all now.

I'm still having to use the XP startup CD (sometimes). I get the message that there is a System 32|Driver|Ntsf.Sys file that is either missing or corrupted.

If I do manage to get the window with the startup options listed, I can usually get it to boot using latest good boot config. I tried safe mode to look for a problem in my device manager but found nothing.

Once she is running everything is peachy except that I do get my homepage taken over (sometimes) by global.find search engine.

Where is the dropdown url menu stored? Why can't this be locked or at least edited by hand? Seems like a simple request.

Thanks for your help

Rusty K
 
To resolve this problem, you must replace the missing or corrupted Ntfs.sys file. To do so, follow these steps:

(1) Start your computer with the Windows XP CD-ROM in the CD-ROM drive.

(2) You are prompted with the following option:

To repair a Windows XP installation using Recovery Console, press R

When you are prompted with this option, press R to select it.

(3) At the command prompt, type the following commands (press ENTER after each command):

cd \windows\system32\drivers

ren ntfs.sys ntfs.old

Note: This step renames the corrupted Ntfs.sys file to Ntfs.old. If the Ntfs.sys file is not found, then the file was missing.

(4) At the command prompt, type the following command, and then press ENTER:

copy cd:\i386\ntfs.sys drive:\windows\system32\drivers

Where cd is the drive letter for the CD-ROM drive that contains the Windows XP CD, and drive is the drive that you installed Windows XP to. (Usually C: by default)

(5) Remove the Windows XP CD from your CD-ROM drive, type quit, and then press ENTER to quit the Recovery Console.

(6) Restart Windows XP.

Lemme know how this works out for you. :) Once we get a stable boot, we'll tackle this homepage thing head on.

- Tanlith -
 
tanlith,

Forgive my late response.....I've been working out of town two nights.

Let me absorb your suggestions and try them.

I'll get back as soon as I can.

Thanks

Rusty K
 
tanlith,

I turned my computer off and waited a couple of minutes then turned her back on to follow your instructions but this time it booted just fine.

The only thing different is that I removed a program (Real Player One) that I had only had on my computer a week or so. Could a program have caused this boot problem?

The next time I "cold boot" if it "snags" I'll go through your list. So that's how you access specific data from the startup CD?

Tanlith, never overestimate the technical knowledge of a musician trying to play with his computer....Ha! My basic approach to my PC is, and you've heard it, "If it ain't broke don't fix it" and I also avoid changing it when it's working well. Whenever a tech problem arises then I try to tackle the tech knowledge so that I can get back to my music. I'm learning as I go but it's spotty sometimes.

Here's DUH! example..... Prompt command? When I hit "r" when the first screen comes up is it supposed to go to a new/different screen? Did you call it the "Restore console"? I thought I did that but I got the screen with the cursor at the bottom saying it was booting from CD. It quickly jumped to the next line saying "press any key to boot from CD" and again quickly it automatically jumps to boot.

Am I missing the "first" screen?

Also when I last got that message about the missing file, I had to "reset" my computer to get it to read the CD. If this happens again should the CD be removed before the reset?

Can't thank you enough for your help Tanlith.

Rusty K
 
Yikes! :(


I was in the middle of some photo editing and my computer restarted on its own. First time that ever happened. It booted back up though without snagging.

What is going on here!

Rusty K
 
Rusty K said:
Here's DUH! example..... Prompt command? When I hit "r" when the first screen comes up is it supposed to go to a new/different screen? Did you call it the "Restore console"? I thought I did that but I got the screen with the cursor at the bottom saying it was booting from CD. It quickly jumped to the next line saying "press any key to boot from CD" and again quickly it automatically jumps to boot.

Am I missing the "first" screen?

Also when I last got that message about the missing file, I had to "reset" my computer to get it to read the CD. If this happens again should the CD be removed before the reset?

Can't thank you enough for your help Tanlith.

Rusty K

:)

OK yeah... you have to hit a key to get it to boot from the CD... I know it kinda "flies by" quick, but you can start "tapping" a key repeatedly just before the message comes up, you should do ok...

I read all your messages before this reply... sounds like there's a LOT of stuff going on on your system. Are you running Norton Antivirus? If not, you really should get it. If you have high speed internet and it's always on (like mine - Cogeco - see previous message) the reboot could very well have been a hacker screwing around... install Pro Port (link is in my previous message) and Zone Alarm.. of course the reboot could have simply been something else.... is your computer a "brand name" (Compaq; IBM; Dell etc...) system or was it built by a local PC Sales shop?

IMHO, it's starting to sound like your system's about ready to be reloaded from scratch... in which case I would bring it to a reputable tech and have him backup all your important data before reloading Windows. Any version of Windows before 2000 and XP has a tendency to basically "chew itself to pieces" over time... I used to routinely reload my PC from scratch every 6-8 months... keep in mind that I do a LOT of experimenting on it, so many of those times were my own fault. ;)

- Tanlith -
 
God what a mess!

I'm running EX anti virus with automatic updates.

I've never had a worm but it's acting the way I would imagine it would under those conditions.

I got a message on boot this time

"load DLL's for HAL"

Every boot is something different.

I want to check things out more first before I reinstall XP cause I'll have a hassle trying to get all my programs back the way they were.

I hope I'll be in touch soon!

Rusty K
 
OK... my advice is to get rid of the Virus program you're running and get Norton (or McAfee -- Norton is cheaper and just as good)

Norton & McAfee are light years ahead of ANY other virus program out there... they update more often and are usually the first to come up with a fix for any new bugs out there.

Keep me posted!

- Tanlith --- Website Updated!
 